In addition, your company should give consumers an express opportunity to accept or decline an agreement and to correct errors immediately before entering into it. Depending on the applicable jurisdiction, failure to disclose the proper information to the consumer or to give the consumer an express opportunity to accept or decline may result in the consumer being able to cancel an online agreement for a period of time.
Immediately after entering into an agreement with a consumer, a copy of the agreement should be given to the consumer. This can be accomplished in electronic form by email, provided that it is accessible so as to be usable for subsequent reference. In some jurisdictions, if a copy is not provided, a consumer may cancel an online agreement within a certain period of time.
Many jurisdictions have enacted legislation that is designed to support and promote e-commerce by protecting personal information that is collected, used or disclosed in commercial activities. The main principle behind such privacy protection legislation is that an individual’s knowledge and consent are required for the collection, use or disclosure of his or her personal information except in specific exceptions such as law enforcement or emergencies.
As an e-commerce retailer, your organization will likely collect personal information in order to bill the customer for the initial and subsequent online transactions and to build a customer profile with respect to future marketing opportunities. Therefore, the company should take the appropriate steps to address the following main privacy principles:
Accountability – Your company is responsible for personal information under its control and should designate an individual or individuals who are accountable for your organization’s compliance with these principles.
Identify the purpose for which personal information is collected – The company needs to clearly identify the purposes for collecting personal information at or before the time the information is collected.
Obtain consent – The knowledge and consent of the individual consumer are required for the collection, use or disclosure of personal information, except when inappropriate.
Collection should be limited to the extent necessary or desired from the perspective of the consumer – The collection of personal information should be limited to that which is necessary for the purposes you identify and the consumer agrees to.
Use, Disclosure and Retention should be limited – The company should not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Your company should only retain personal information as long as necessary for the fulfillment of those specific purposes.
Ensure accuracy – To the extent possible, your organization should ensure that the personal information that is collected is accurate, complete, and up-to-date as necessary for the purpose for which it is to be used.
Use appropriate safeguards – Your company needs to employ security safeguards commensurate with the level of sensitivity of the personal information you collect.
Visa e-commerce cross-border handbook for U.S. retailers
Copyright 2010 Visa. All rights reserved.